DOI: 10.1145/2470654.2481330
research-article

Back-of-device authentication on smartphones

Published: 27 April 2013

Abstract

This paper presents BoD Shapes, a novel authentication method for smartphones that uses the back of the device for input. We argue that this increases the resistance to shoulder surfing while remaining reasonably fast and easy-to-use. We performed a user study (n=24) comparing BoD Shapes to PIN authentication, Android grid unlock, and a front version of our system. Testing a front version allowed us to directly compare performance and security measures between front and back authentication. Our results show that BoD Shapes is significantly more secure than the three other approaches. While performance declined, our results show that BoD Shapes can be very fast (up to 1.5 seconds in the user study) and that learning effects have an influence on its performance. This indicates that speed improvements can be expected in long-term use.


    Published In

    CHI '13: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
    April 2013
    3550 pages
    ISBN:9781450318990
    DOI:10.1145/2470654
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. authentication
    2. back of device interaction
    3. security

    Acceptance Rates

    CHI '13 Paper Acceptance Rate 392 of 1,963 submissions, 20%;
    Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

    Cited By

    • (2024) Privacy Slider: Fine-Grain Privacy Control for Smartphones. Proceedings of the ACM on Human-Computer Interaction 8:MHCI (1-31). DOI: 10.1145/3676519. Online publication date: 24-Sep-2024
    • (2023) Hollow-Pass: A Dual-View Pattern Password Against Shoulder-Surfing Attacks. Cyber Security, Cryptology, and Machine Learning (251-272). DOI: 10.1007/978-3-031-34671-2_18. Online publication date: 21-Jun-2023
    • (2023) Mixed Reality Interaction Techniques. Springer Handbook of Augmented Reality (109-129). DOI: 10.1007/978-3-030-67822-7_5. Online publication date: 1-Jan-2023
    • (2022) The Feet in Human-Centred Security: Investigating Foot-Based User Authentication for Public Displays. Extended Abstracts of the 2022 CHI Conference on Human Factors in Computing Systems (1-9). DOI: 10.1145/3491101.3519838. Online publication date: 27-Apr-2022
    • (2022) Can I Borrow Your ATM? Using Virtual Reality for (Simulated) In Situ Authentication Research. 2022 IEEE Conference on Virtual Reality and 3D User Interfaces (VR) (301-310). DOI: 10.1109/VR51125.2022.00049. Online publication date: Mar-2022
    • (2022) Virtual Reality Observations: Using Virtual Reality to Augment Lab-Based Shoulder Surfing Research. 2022 IEEE Conference on Virtual Reality and 3D User Interfaces (VR) (291-300). DOI: 10.1109/VR51125.2022.00048. Online publication date: Mar-2022
    • (2022) User-centred multimodal authentication: securing handheld mobile devices using gaze and touch input. Behaviour & Information Technology 41:10 (2061-2083). DOI: 10.1080/0144929X.2022.2069597. Online publication date: 6-May-2022
    • (2021) Observing Virtual Avatars: The Impact of Avatars’ Fidelity on Identifying Interactions. Proceedings of the 24th International Academic Mindtrek Conference (154-164). DOI: 10.1145/3464327.3464329. Online publication date: 1-Jun-2021
    • (2021) Understanding Bystanders’ Tendency to Shoulder Surf Smartphones Using 360-degree Videos in Virtual Reality. Proceedings of the 23rd International Conference on Mobile Human-Computer Interaction (1-8). DOI: 10.1145/3447526.3472058. Online publication date: 27-Sep-2021
    • (2021) Fast and Secure Authentication in Virtual Reality Using Coordinated 3D Manipulation and Pointing. ACM Transactions on Computer-Human Interaction 28:1 (1-44). DOI: 10.1145/3428121. Online publication date: 20-Jan-2021
